Cisco Patches 3 Critical Vulnerabilities

Monday, October 8, 2018 @ 12:10 PM gHale

Cisco patched a series of vulnerabilities, three of which fall under the critical category.
Two of the vulnerabilities affect Cisco Digital Network Architecture (DNA) Center and were found by Cisco during internal security testing.

CVE-2018-15386 is due to an insecure default configuration of the affected system. Unauthenticated, remote attackers could exploit it by directly connecting to the exposed services and would then be able to retrieve and modify critical system files.

It affects Cisco DNA Center Release 1.1. There are no workarounds, so Cisco recommends users upgrade to Release 1.2 or later.

CVE-2018-0448 is due to insufficient security restrictions for critical management functions. Unauthenticated, remote attackers could exploit it by sending a valid identity management request to the affected system (authentication bypass) and would then be able to view and make unauthorized modifications to existing system users as well as create new users.

It affects Cisco DNA Center prior to Release 1.1.4. There are no workarounds, so Cisco recommends users upgrade to Release 1.1.4 or later.

There is no indication that either of these vulnerabilities is under active exploitation.

Another vulnerability, CVE-2018-15379, is a combination of two vulnerabilities that leave the HTTP web server for Cisco Prime Infrastructure (PI) with unrestricted directory permissions.

It was discovered by independent security researcher Pedro Ribeiro, who reported it to Beyond Security’s SecuriTeam Secure Disclosure (SSD) program.

By exploiting the vulnerability, an unauthenticated, remote attacker could upload an arbitrary file to the vulnerable system and then execute commands at the privilege level of the user "prime," which does not have administrative or root privileges, Cisco officials said.

The company advises users to upgrade to Release 3.3.1 Update 02 or 3.4.1, or to employ the following workaround: disable TFTP for Cisco PI and switch to using a secure protocol such as Secure Copy Protocol (SCP) or SFTP for internal operations (e.g., image transfer, configuration, archives).